Last week, the Cofense Phishing Defense Center observed phishing threat actors using low-level trickery to avoid detection, by utilizing basic percentage-based URL encoding. This takes advantage of Googles nifty ability to decode the encoded URL data on the fly. The easiest way to trick a secure email gateway (SEG) is hiding the true destination of the payload. The email body is simple and originates from a compromised email account of a relatively well-known American brand, informing recipients that they have a new invoice awaiting payment.”]
Source: https://cofense.com/threat-actors-use-percentage-based-url-encoding-bypass-email-gateways/